VerifySignedBycert decrypts the signature of the data by using the public key of the specified certificate, and compares the decrypted value to a newly computed MD5 hash of the data. If the values match, the signature is confirmed to be valid.

A. Verifying that signed data has not been tampered with

The following example tests whether the information in Signed_Data has been changed since it was signed with the certificate called Shipping04. The signature is stored in DataSignature. The certificate, Shipping04, is passed to Cert_ID, which returns the ID of the certificate in the database. If VerifySignedByCert returns 1, the signature is correct. If VerifySignedByCert returns 0, the data in Signed_Data is not the data that was used to generate DataSignature. In this case, either Signed_Data has been changed since it was signed or Signed_Data was signed with a different certificate.